- Experts expect Iranian hackers to indulge in retaliation cyberattacks against U.S. targets.
- Iran has proven its capabilities in the field again and again in recent years, especially after Stuxnet.
- Organizations are advised to follow basic security procedures, as the attacks will most likely be broad and unsystematic.
The possibility for various U.S. entities having to deal with Iranian cybersecurity threats is on the sky right now, after a drone strike killed the head of Iran’s Islamic Revolutionary Guard Corps (IRGC), General Qassem Soleimani. The political and military tensions in the region are now stretching dangerously, as Soleimani was a symbol of revolution in the country. This means that Iranians are bound to react, and retaliation in the cyberspace is considered almost certain at this point. Christopher Krebs, Director of Cybersecurity and Infrastructure Security Agency has issued the following warning on Twitter.
Given recent developments, re-upping our statement from the summer.
Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you’re also watching third party accesses! https://t.co/4G1P0WvjhS
— Chris Krebs (@CISAKrebs) January 3, 2020
Experts remind the world about what Iranian hackers have done in recent years, with examples including Shamoon, Ababil, SamSam, and others. FireEye has been tracking APT39 and APT34 (OilRig) for years now, and they recently reported about how the Iranian cyber-espionage groups manage to leverage phishing methods to spread malware, utilizing custom backdoors like Seaweed, Powbat, and Cachemoney. So, this is not a question of ability, and the motive to launch attacks is definitely there right now. Already, propaganda posts on Twitter and Instagram are trending like never before, so data-destroying campaigns, massive hacking operations, and denial of service attacks are surely on the way.
But this opinion is not common among all experts out there. Chris Morales, head of security analytics at Vectra has told us that: “Iran has been building capabilities since they were hit with Stuxnet, but is not as sophisticated in its cyber capabilities as it primarily leverages black market malware as opposed to the customer built malware used by US and Israel cyber command. I do think Iran would prompt a cyber strike.”
Hank Thomas, CEO at Strategic Cyber Ventures thinks that: “Iran will retaliate. There is no doubt about this. However, they will be looking for a way to appear both powerful and credible militarily at this pivotal point, without appearing to be a regional bully that traditionally relies on two-bit terrorist actions because they lack a robust advanced military response capability that could challenge the U.S. head-on.”
All this is an alarm for organizations that should ramp up their security measures if they were irresponsible enough to wait for the recent events to do so. Set up a reliable data backing up the system, use multi-factor authentication everywhere, filter incoming traffic, monitor network activity vigorously, and put phishing detection systems in place. Iranian hackers are expected to launch large-scale attacks, but they are unlikely to insist on a single target that seems hard to crack. Retaliation is about making a point, and not always about having tangible and valuable results.